
#6 XML Parser not escaping characters in SQL query

open
nobody
None
5
2012-03-26
2012-03-26
Anonymous
No

Hi,
Just got DB Sanity set up and tried to run simple query as a test. Got an error though as follows:
2012-03-26 22:28:13,840 ERROR (main) [XMLUtil] The content of elements must consist of well-formed character data or markup.
org.xml.sax.SAXParseException; lineNumber: 15; columnNumber: 89; The content of elements must consist of well-formed character data or markup.
at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
at org.databene.commons.xml.XMLUtil.parse(XMLUtil.java:286)
at org.databene.commons.xml.XMLUtil.parseString(XMLUtil.java:261)
at org.databene.commons.xml.XMLUtil.parseString(XMLUtil.java:249)
at org.databene.dbsanity.parser.SanityCheckSuiteParser.parseFile(SanityCheckSuiteParser.java:146)
at org.databene.dbsanity.parser.SanityCheckSuiteParser.parseSuite(SanityCheckSuiteParser.java:99)
at org.databene.dbsanity.parser.SanityCheckSuiteParser.parseFolder(SanityCheckSuiteParser.java:123)
at org.databene.dbsanity.parser.SanityCheckSuiteParser.parseSuite(SanityCheckSuiteParser.java:76)
at org.databene.dbsanity.parser.SanityCheckSuiteParser.parseHierarchy(SanityCheckSuiteParser.java:60)
at org.databene.dbsanity.parser.SanityCheckSuiteParser.parseHierarchy(SanityCheckSuiteParser.java:56)
at org.databene.dbsanity.DbSanity.execute(DbSanity.java:306)
at org.databene.dbsanity.Main.main(Main.java:50)

I was looking around and playing and found out the cause being one of my checks:
<check name="User name must be in lowercase" table="user" defectType="data_validation"
description="User names should be saved in lowercase."
requirement="user.user_code.01"
tags="sanitisation,user" >
<sql>SELECT userid, username FROM user WHERE username COLLATE Latin1_General_CS_AS <> LOWER(username)</sql>
</check>

When I edited query to this "<sql>SELECT userid, username FROM user WHERE username COLLATE Latin1_General_CS_AS &lt;&gt; LOWER(username)</sql>", test executed.

Query tested against SQL Server 2008.

Expected:
It would be great to be able to write statements using >, <, <> without worrying about escaping them or rewriting query to overcome this problem.
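Added example, not part of the original report and not DB Sanity code: it parses the reported `<sql>` body in three spellings (raw, entity-escaped, and wrapped in a CDATA section) to show where the well-formedness error arises and which forms yield the same SQL text. It uses Python's `xml.etree.ElementTree` rather than Xerces, the `check` element is trimmed to two attributes, and whether DB Sanity reads CDATA content from `<sql>` is an assumption.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample based on the check in the report.
SQL = ("SELECT userid, username FROM user WHERE username "
       "COLLATE Latin1_General_CS_AS <> LOWER(username)")

TEMPLATE = ('<check name="User name must be in lowercase" table="user">\n'
            '<sql>{}</sql>\n'
            '</check>')

# 1. Raw: "<" inside element content starts markup, so "<>" is not well-formed.
RAW = TEMPLATE.format(SQL)
# 2. Escaped: &, < and > replaced by entities, as in the reporter's workaround.
ESCAPED = TEMPLATE.format(escape(SQL))
# 3. CDATA: operators stay readable; the text must not contain "]]>".
CDATA = TEMPLATE.format("<![CDATA[" + SQL + "]]>")


def read_sql(document):
    """Parse one check document.

    Returns ("ok", sql_text) when the document is well-formed, or
    ("error", (line, column)) with the parser's reported position otherwise.
    """
    try:
        root = ET.fromstring(document)
    except ET.ParseError as exc:
        return "error", exc.position
    return "ok", root.findtext("sql")


if __name__ == "__main__":
    for label, doc in (("raw", RAW), ("escaped", ESCAPED), ("cdata", CDATA)):
        print(label, read_sql(doc))
```

The parser rejects the raw form before any SQL is seen, which is why the error in the report comes from `XMLUtil.parse` and carries a line and column in the check file rather than a database error.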

Discussion
